Secura

🎉Google rewarded groundbreaking work by our colleague ⌨Leonidas Vasileiadis. He did research on static analysis evasion techniques in Android malware, and created a tool to detect and counter these advanced techniques. Interested? Come to DEF CON 32. ⌨Leonidas Vasileiadis and Kaloyan Velikov will present the findings at the DEF CON Demolab in Las Vegas. They will also introduce #apkInspector, a new tool designed to detect and counter these advanced techniques. #cybersecurity #Android #malware

🚨 Hacked? Who should you notify? 🔒 Download our free NIS2 Incident Response Requirements POSTER (A2) 🔒 The EU cybersecurity law, NIS2, enforces strict requirements for incident response. Reporting severe incidents within 24 hours is just the beginning. To help your team stay informed and compliant, we've developed the NIS2 Incident Response Requirements Poster. Download, print, and display it in your workspace for easy reference (Also available in Dutch): 📥 Download here: https://lnkd.in/esaF7CrP Why NIS2 Compliance is critical: 🛡 Effective Date: October 18, 2024, or later, depending on your country. 🛡 Serious Consequences: Non-compliance penalties are stricter for essential entities. 🛡 Management Liability: Upper-level management is now accountable for cybersecurity obligations, a significant shift from the original NIS directive. Stay ahead of the curve and ensure your organization meets NIS2 requirements. #Cybersecurity #NIS2 #IncidentResponse #Compliance #Secura #DeClercq

🔒 "98% of organizations have a relationship with a vendor that experienced a data breach within the last 2 years," highlighted Götz Weinmann from Orange Cyberdefense at the NIS2 Congress in Germany. This staggering statistic underscores the critical importance of compliance with #NIS2, including supply chain security. 🌟 At Secura/Bureau Veritas Group, we aim to be a trusted partner in cybersecurity. We consider NIS2 an important, valuable step in creating a safer world. Our colleagues, Yashar Yahyaie and Laura Ewert, attended the congress to discuss the latest developments, best practices, and strategies for NIS-2 compliance. We extend our gratitude to the organizers for hosting this NIS2 Congress in Stuttgart. https://lnkd.in/eqCAfGsN #Cybersecurity #NIS2 #Compliance #SupplyChainSecurity #BureauVeritas #OrangeCyberdefense #CyberAware

Today, our colleagues Charleston Lee and 💻George Damiris presented on hacking Artificial Intellingence / Large Language Models (#AI #LLM) at the Challenge the Cyber bootcamp. It's amazing to see talented young hackers in the Netherlands spend a week diving into cybersecurity, honing their technical skills, and competing to be part of the Dutch team for the European finals A big thank you to Daniel Meinsma and Jasper Boot for organizing this fantastic initiative.

🛠️ New article: How we created the Wi-Fi backpack to help Pentesters and Red Teamers 🛠️ What do you do as an ethical #hacker if you need a device that doesn't exist? You make it yourself... We created the #WiFiBackpack to help us gain access to targets' Wi-Fi networks. As #Pentesters and #RedTeamers, we often need an effective solution to gain access to our target’s Wi-Fi network, a critical entry point often overlooked. Existing solutions were lacking in various areas, leading us to create our own device: the Wi-Fi backpack. It has been successfully used in multiple red team and wireless network assessments, with clients even requesting it by name. 👉 Learn more about the Wi-Fi backpack: https://lnkd.in/e64NxyXH #cybersecurity #penetrationtesting #redteam #innovation #wifibackpack #vapt 

We did a great project with Nobian, European leader in the production of salt, essential chemicals, and energy for industries ranging from construction and cleaning to pharmaceuticals and water treatment. The company recognized that cyberattacks on #OT environments are a growing problem, and that securing Operational Technology is more important than ever. The EU #NIS2 regulation also requires cybersecurity for OT environments. ❓ Nobian's challenge: Do we know what to DO if a cyber crisis hits us? ❓ Secura and Nobian conducted a practical simulation of a ransomware attack on one of the production sites. In this case study, we share with you the approach and lessons learned from this OT Tabletop Crisis Management Exercise. 👉 Read the case study here: https://lnkd.in/eNr_Na_s "It was especially helpful to improve the alignment and communication between our Crisis Management Team and our local OT Security Incident Response Team." ~ Site crisis management Team Leader, Nobian. #CyberSecurity #OTSecurity #CrisisManagement #Ransomware #IncidentResponse #Nobian #Secura

📸 Stronger Together 🌟 We had a fantastic and insightful time last week at our Summit and summer meeting in Scheveningen, The Hague. It was all about coming together, improving our skills, and brainstorming new strategies to serve you even better. We would like to thank Dreamfactory for inspiring workshops on how to grow in our role as a trusted cybersecurity partner for our clients. Thanks to Emma Regeni from our valued client Knorr-Bremse AG, for providing insights into how to improve cooperation. At Secura/Bureau Veritas Group, we're not just about cybersecurity – we're about building partnerships and creating a more secure digital world. Our goal is to be your business partner and raise your cyber resilience. Together with you, we’re making great things happen. #CyberSecurity #ClientSuccess #TrustedPartner #StrongerTogether #Scheveningen #Summit

Secura's Sjoerd Peerlkamp uncovers an unintended consequence of NIS2, which he calls "the #NIS2 Paradox." He observes that companies tend to give more attention and funding to compliance paperwork than actual cybersecurity measures. This can lead to less effective cybersecurity, precisely the opposite of what the EU Network and Information Security Directive aims to achieve. This is the NIS2 Paradox. How can businesses, especially those with limited budgets, balance paperwork with practical security? Sjoerd offers six strategies to navigate this paradox and integrate compliance into a comprehensive security approach. Join the discussion, and learn more about finding the right balance for effective cyber resilience.

🎉 Happy to introduce our newest team members at Secura: Jorge Platas Feced, Sil Kribben, Mohammed Alshukaili . We're excited to have you onboard. 🥳 #newhires #wearehiring #becomepartofourteam #makeanimpact #buildingtrust #elevateyourcybersecurity #raiseyourcyberresilience

🌐 Understanding and Complying with the RED 3.3 Directive for Products with Wireless Capabilities 🌐 📡 Are you a manufacturer of products with wireless capabilities like NFC, Wi-Fi, or Bluetooth? You need to act now on the EU Directive for Radio Equipment, RED 3.3, to meet the new cybersecurity requirements by August 2025. Watch our Webinar on Demand now. 🎥 WATCH HERE: https://lnkd.in/eiD82QXc Hugo Lenssen from Rijksinspectie Digitale Infrastructuur, Michael Beine from Bureau Veritas Group, and Jasper N. Nota from Secura will explain RED 3.3 and best practices on how to become compliant. KEY TAKEAWAYS 1️⃣ Significance and Scope of RED 3.3 Compliance: The RED 3.3 regulations become mandatory by August 2025, impacting manufacturers of wireless products like #NFC, Wi-Fi, and Bluetooth. The directive ensures cybersecurity and data privacy, covering encryption, firmware updates, and unauthorized access prevention. Compliance involves manufacturers, test labs, notified bodies, and market surveillance authorities, ensuring regulatory standards are met before market entry. Products already in use are excluded, but new or modified products sold after August 2025 must comply. 2️⃣ Compliance Procedure and Standards: Compliance steps: initial awareness, health check/gap analysis, conceptual/functional assessment, and certification. The process takes six to nine months, so manufacturers should start now. Standards include ETSI EN 303 645 for IoT, IEC 62443 for industrial automation, and EN 18031 for self-assessment. Test labs and notified bodies are crucial for standards requiring third-party validation. 3️⃣ Challenges and Practical Examples of Vulnerabilities: Common vulnerabilities: insecure debug interfaces on security cameras, insecure storage of wireless credentials on smart lights, and command injection in industrial routers. These highlight the need for physical and network security. Manufacturers should adopt a risk management approach, not just treat compliance as a checklist. This involves thorough testing and continuous monitoring to ensure device security throughout their lifecycle. Hugo Lenssen: "One more thing: Cybersecurity isn’t just a tick box, it's thinking about risks. It takes time, and depending on the type of company, you need product innovation, a CISO, an ICT person, and/or proper knowledge if needed. Don’t wait—you can already do things now".